[tcd]

> nobody came to any harm or suffered any detrimental effects as a result of this breach

Who gets to decide what "harm" is or whether anyone suffered "detrimental effects"? Surveillance is so common and normalized they don't consider the act of collecting so much information itself as a "detrimental harm".

What if that harm only presented itself years down the line? Maybe a creepy stalker who can synthesize mulitple data sets to reconstruct a person's movements or possibly use it against them some way (scammers and fraudsters are increasingly using all these leaked datasets to create a more accurate profile of an individual for more sophisticated attacks/targeting. Your name/address/mobile number must not and can not be considered PII since it's already been leaked probably ten's of times by now).

That's an incredibly shortsighted comment to try and justify developing a system with not even the most basic of security considerations.

I honestly just wish those same people were jailed for 50 years as a result, we'd see a LOT more consideration in the future if they were held personally liable.